Tag

Security Awareness

Develop a strong security mindset with articles focused on security awareness principles, social engineering defense, safe browsing habits, password hygiene, and recognizing manipulation tactics used by attackers targeting human vulnerabilities.

posts

Zero Trust Security Model

Zero Trust Security Model: A Practical Guide for 2026

The Breach That Proved Perimeters Don't Work In 2020, the SolarWinds breach gave roughly 18,000 organizations a brutal lesson: once a threat actor gets past your perimeter, they can move laterally for months without detection. Government agencies, Fortune 500 companies, and critical infrastructure providers all had firewalls.

Carl B. Johnson Oct 01, 2019 7 min read
Zero Trust Network Access

Zero Trust Network Access: A Practical Guide for 2026

The Breach That Proved Perimeter Security Was Dead In early 2024, a threat actor gained access to Microsoft's corporate email system — including accounts belonging to senior leadership and cybersecurity staff. The attacker didn't exploit some exotic zero-day. They used a password spray attack against a legacy

Carl B. Johnson Sep 28, 2019 8 min read
Zero Trust Implementation

Zero Trust Implementation: A Practical Guide for 2026

The Breach That Proved "Trust But Verify" Is Dead In early 2024, a major healthcare provider disclosed that attackers had spent nine months inside their network — moving laterally, escalating privileges, and exfiltrating millions of patient records. Their perimeter defenses were solid. Their VPN was enterprise-grade. None of it

Carl B. Johnson Sep 28, 2019 7 min read
Acceptable Use Policy

Acceptable Use Policy Cybersecurity: Why Yours Fails

The Policy Gathering Dust in Your Shared Drive In 2023, the city of Dallas was hit by a Royal ransomware attack that crippled municipal services for weeks. Investigators traced the initial access back to a service account and poor access controls — exactly the kind of risk a well-enforced acceptable use

Carl B. Johnson Sep 20, 2019 7 min read
Securing Cloud Applications

Securing Cloud Applications: A Practical Guide for 2026

The Misconfiguration That Exposed 100 Million Records In 2019, a former Amazon Web Services employee exploited a misconfigured web application firewall to breach Capital One's cloud infrastructure. The result: over 100 million customer records exposed, a $190 million class-action settlement, and an $80 million fine from the OCC.

Carl B. Johnson Sep 10, 2019 7 min read
Shadow IT Risks

Shadow IT Risks: The Hidden Threat Draining Your Budget

One Unapproved App Cost a Hospital Network $3 Million In 2023, a regional hospital system discovered that a department had been using an unapproved file-sharing tool to exchange patient records for over a year. The tool had no encryption, no access controls, and no audit trail. When an attacker exploited

Carl B. Johnson Sep 10, 2019 8 min read
Shadow IT

What Is Shadow IT? The Hidden Risk You Can't Ignore

Your Employees Already Built a Second IT Department In 2023, a Gartner survey found that 41% of employees acquired, modified, or created technology outside of IT's visibility. By now, that number has only grown. If you're asking what is shadow IT, the short answer is this:

Carl B. Johnson Sep 08, 2019 7 min read
Cyber Hygiene

Cyber Hygiene Definition: What It Really Means in 2026

A Preventable Breach That Started With One Reused Password In 2024, the breach at Change Healthcare disrupted pharmacy operations across the United States for weeks. The root cause? A compromised credential on a system that lacked multi-factor authentication. That single gap — a basic cyber hygiene failure — led to one of

Carl B. Johnson Aug 20, 2019 6 min read